Bleeping Computer reports that Palo Alto Networks (PAN) has become another victim of the Salesloft Drift / Salesforce campaign:
Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance.
The company states that it was one of hundreds of companies affected by a supply-chain attack disclosed last week, in which threat actors abused the stolen authentication tokens to exfiltrate data.
BleepingComputer learned of the breach this weekend from Palo Alto Networks’ customers, who expressed concern that the breach exposed sensitive information, such as IT information and passwords, shared in support cases.
Palo Alto Networks later confirmed to BleepingComputer that the incident was limited to its Salesforce CRM and did not affect any products, systems, or services.
Read more at Bleeping Computer.
